While Microsoft works tirelessly to eliminate this stigma, Windows still retains its operating
However, there comes a time when to hack the systemit becomes almost too easy, for example, when you plug in a Razer mouse, which in turn starts a process that allows almost anyone with physical access to a computer to gain system-level administrator rights.
Windows users are accustomed to the concept of “Plugand Play ”when new peripherals“ just work ”when plugged in. This is usually done by using a program that automatically launches to download and install device drivers and configure the PC to recognize an external device. This system is used by nearly every known Windows accessory, suggesting that this particular zero-day vulnerability is not exclusive to Razer.
What makes the matter more serious isthat Razer's Synapse software installer makes this process too easy. Synapse is an application that allows users to customize their Razer hardware with advanced features such as key and button remapping. The Synapse installer automatically launches when you plug in your Razer mouse, and that's where the error crept in.
RazerInstaller.exe will naturally run with system-level privileges to make any changes to a Windows PC. However, it also allows the user to open an instance of File Explorer with the same permissions and launch PowerShell, which will allow them to do whatever they want with the system, including installing malware. Having received no response from Razer, security researcher @ j0nh4t decided to publicly disclose the vulnerability.
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift + Right click
Tried contacting @Razer, but no answers. So here’s a freebie pic.twitter.com/xDkl87RCmz
- jonhat (@ j0nh4t) August 21, 2021
The good news is that thisThe exploit requires an attacker to physically access the target Windows computer and the Razer mouse. The latter, of course, is sold at every step, and it is not difficult to buy it. Breaking the silence, Razer acknowledged the bug and promised to release a fix as soon as it can, although this still raises the question of how many installers have similar security holes.
Source: @ j0nh4t</ p>